VYPR

Java Virtual Machine

by Microsoft

CVEs (28)

  • CVE-2003-0111 | May 5, 2003
    risk 0.06 | cvss | epss 0.41

    The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could…

  • CVE-2002-0866 | Oct 11, 2002
    risk 0.06 | cvss | epss 0.41

    Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL…

  • CVE-2000-0711 | Oct 20, 2000
    risk 0.06 | cvss | epss 0.34

    Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

  • CVE-2000-0132 | Jan 31, 2000
    risk 0.05 | cvss | epss 0.20

    Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.

  • CVE-2000-1061 | Dec 11, 2000
    risk 0.04 | cvss | epss 0.10

    Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the…

  • CVE-2002-1292 | Nov 29, 2002
    risk 0.02 | cvss | epss 0.22

    The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by…

  • CVE-2002-1286 | Nov 29, 2002
    risk 0.02 | cvss | epss 0.20

    The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious…

  • CVE-2002-1287 | Nov 29, 2002
    risk 0.02 | cvss | epss 0.20

    Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.

  • CVE-2002-0865 | Oct 11, 2002
    risk 0.02 | cvss | epss 0.20

    A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods…

  • CVE-2002-0867 | Oct 11, 2002
    risk 0.02 | cvss | epss 0.27

    Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."

  • CVE-2002-0076 | Mar 19, 2002
    risk 0.02 | cvss | epss 0.27

    Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…

  • CVE-2004-0723 | Jul 27, 2004
    risk 0.01 | cvss | epss 0.13

    Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."

  • CVE-2002-1325 | Dec 23, 2002
    risk 0.01 | cvss | epss 0.14

    Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

  • CVE-2002-1258 | Dec 23, 2002
    risk 0.01 | cvss | epss 0.15

    Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due…

  • CVE-2002-1260 | Dec 23, 2002
    risk 0.01 | cvss | epss 0.15

    The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.

  • CVE-2002-1257 | Dec 23, 2002
    risk 0.01 | cvss | epss 0.15

    Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.

  • CVE-2002-1288 | Nov 29, 2002
    risk 0.01 | cvss | epss 0.17

    The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.

  • CVE-2002-1291 | Nov 29, 2002
    risk 0.01 | cvss | epss 0.18

    The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.

  • CVE-2002-1293 | Nov 29, 2002
    risk 0.01 | cvss | epss 0.15

    The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.

  • CVE-2002-1294 | Nov 29, 2002
    risk 0.01 | cvss | epss 0.15

    The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via…

Page 1 of 2